Subject: Re: [PATCH v1] crypto: Make the DRBG compliant with NIST SP800-90A rev1
From: "H. Peter Anvin"
To: James Morris, Stephan Mueller
CC: Mickaël Salaün, David Miller, Herbert Xu, John Haxby, Konrad Rzeszutek Wilk, Simo Sorce, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, tytso@mit.edu
Date: Wed, 23 Jun 2021 13:49:24 -0700
Message-ID: <98006AFB-C40E-46F7-BE88-D8E66653B71B@zytor.com>
References: <20210623120751.3033390-1-mic@digikod.net> <9dbbf4e751cb4953fe63079cdc917a0bb3a91670.camel@chronox.de>
List-ID: linux-crypto@vger.kernel.org

This one really does keep coming back like yesterday's herring, doesn't it...

On June 23, 2021 10:00:29 AM PDT, James Morris wrote:
> On Wed, 23 Jun 2021, Stephan Mueller wrote:
>
>> > These changes replace the use of the Linux RNG with the Jitter RNG,
>> > which is NIST SP800-90B compliant, to get a proper entropy input and a
>> > nonce as defined by FIPS.
>>
>> Can you please help me understand what is missing in the current code which
>> seemingly already has achieved this goal?
>
> The advice we have is that if an attacker knows the internal state of the
> CPU, then the output of the Jitter RNG can be predicted.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.